Published: 04/09/2014 Updated: 23/06/2016

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

VMScore: 294

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

The get_option function in dhcpcd 4.0.0 up to and including 6.x prior to 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dhcpcd project dhcpcd 6.0.2
dhcpcd project dhcpcd 6.0.3
dhcpcd project dhcpcd 6.0.4
dhcpcd project dhcpcd 6.0.5
dhcpcd project dhcpcd 5.0.4
dhcpcd project dhcpcd 5.0.6
dhcpcd project dhcpcd 5.0.7
dhcpcd project dhcpcd 5.0.8
dhcpcd project dhcpcd 5.0.9
dhcpcd project dhcpcd 5.2.4
dhcpcd project dhcpcd 5.2.5
dhcpcd project dhcpcd 5.2.6
dhcpcd project dhcpcd 5.2.7
dhcpcd project dhcpcd 5.6.3
dhcpcd project dhcpcd 5.6.4
dhcpcd project dhcpcd 5.6.5
dhcpcd project dhcpcd 5.6.6
dhcpcd project dhcpcd 4.0.0
dhcpcd project dhcpcd 4.0.12
dhcpcd project dhcpcd 4.0.13
dhcpcd project dhcpcd 4.0.14
dhcpcd project dhcpcd 4.0.15
dhcpcd project dhcpcd 6.3.1
dhcpcd project dhcpcd 6.3.2
dhcpcd project dhcpcd 6.4.0
dhcpcd project dhcpcd 6.4.1
dhcpcd project dhcpcd 5.1.4
dhcpcd project dhcpcd 5.1.5
dhcpcd project dhcpcd 5.2.0
dhcpcd project dhcpcd 5.2.1
dhcpcd project dhcpcd 5.5.1
dhcpcd project dhcpcd 5.5.2
dhcpcd project dhcpcd 5.5.3
dhcpcd project dhcpcd 5.5.4
dhcpcd project dhcpcd 5.5.5
dhcpcd project dhcpcd 5.99.4
dhcpcd project dhcpcd 5.99.5
dhcpcd project dhcpcd 5.99.6
dhcpcd project dhcpcd 5.99.7
dhcpcd project dhcpcd 4.0.7
dhcpcd project dhcpcd 6.0.0
dhcpcd project dhcpcd 6.2.0
dhcpcd project dhcpcd 6.3.0
dhcpcd project dhcpcd 6.4.2
dhcpcd project dhcpcd 5.0.1
dhcpcd project dhcpcd 5.1.0
dhcpcd project dhcpcd 5.1.2
dhcpcd project dhcpcd 5.2.11
dhcpcd project dhcpcd 5.2.3
dhcpcd project dhcpcd 5.2.8
dhcpcd project dhcpcd 5.5.0
dhcpcd project dhcpcd 5.5.6
dhcpcd project dhcpcd 5.6.1
dhcpcd project dhcpcd 5.6.8
dhcpcd project dhcpcd 5.99.3
dhcpcd project dhcpcd 4.0.1
dhcpcd project dhcpcd 4.0.11
dhcpcd project dhcpcd 4.0.2
dhcpcd project dhcpcd 4.0.4
dhcpcd project dhcpcd 4.0.6
dhcpcd project dhcpcd 6.0.1
dhcpcd project dhcpcd 6.1.0
dhcpcd project dhcpcd 6.2.1
dhcpcd project dhcpcd 5.0.0
dhcpcd project dhcpcd 5.0.3
dhcpcd project dhcpcd 5.1.1
dhcpcd project dhcpcd 5.1.3
dhcpcd project dhcpcd 5.2.10
dhcpcd project dhcpcd 5.2.12
dhcpcd project dhcpcd 5.2.9
dhcpcd project dhcpcd 5.6.0
dhcpcd project dhcpcd 5.6.2
dhcpcd project dhcpcd 5.6.7
dhcpcd project dhcpcd 5.99.2
dhcpcd project dhcpcd 4.0.10
dhcpcd project dhcpcd 4.0.3
dhcpcd project dhcpcd 4.0.5
google android

Debian Bug report logs - #770043 dhcpcd5: CVE-2014-6060: Denial of Service Package: dhcpcd5; Maintainer for dhcpcd5 is Scott Leggett <scott@slidau>; Source for dhcpcd5 is src:dhcpcd5 (PTS, buildd, popcon) Reported by: Pierre Schweitzer <pierre@reactosorg> Date: Tue, 18 Nov 2014 15:21:02 UTC Severity: important Ta ...

CWE-399 http://advisories.mageia.org/MGASA-2014-0334.html http://www.securityfocus.com/bid/68970 http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0 http://www.openwall.com/lists/oss-security/2014/09/01/11 http://www.mandriva.com/security/advisories?name=MDVSA-2014:171 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420 http://www.openwall.com/lists/oss-security/2014/07/30/5 http://source.android.com/security/bulletin/2016-04-02.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770043 https://nvd.nist.gov

CVE-2014-6060

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect